76 lines
2.8 KiB
Plaintext
76 lines
2.8 KiB
Plaintext
|
|
# The options available here are an adaptation of the settings used in nodogsplash.conf.
|
|
# See https://github.com/nodogsplash/nodogsplash/blob/master/resources/nodogsplash.conf
|
|
|
|
config nodogsplash
|
|
# Set to 0 to disable nodogsplash
|
|
option enabled 1
|
|
|
|
# Set to 0 to disable hook that makes nodogsplash restart when the firewall restarts.
|
|
# This hook is needed as a restart of Firewall overwrites nodogsplash iptables entries.
|
|
option fwhook_enabled '1'
|
|
|
|
# Serve the file splash.html from this directory
|
|
option webroot '/etc/nodogsplash/htdocs'
|
|
|
|
# Use plain configuration file
|
|
#option config '/etc/nodogsplash/nodogsplash.conf'
|
|
|
|
# Use this option to set the device nogogsplash will bind to.
|
|
# The value may be an interface section in /etc/config/network or a device name such as br-lan.
|
|
option gatewayinterface 'br-lan'
|
|
|
|
option gatewayname 'OpenWrt Nodogsplash'
|
|
option maxclients '250'
|
|
|
|
# Enables debug output (0-7)
|
|
#option debuglevel '7'
|
|
|
|
# Client timeouts in minutes
|
|
option preauthidletimeout '10'
|
|
option authidletimeout '120'
|
|
|
|
# Your router may have several interfaces, and you
|
|
# probably want to keep them private from the network/gatewayinterface.
|
|
# If so, you should block the entire subnets on those interfaces, e.g.:
|
|
# list authenticated_users 'block to 192.168.0.0/16'
|
|
# list authenticated_users 'block to 10.0.0.0/8'
|
|
|
|
# Typical ports you will probably want to open up.
|
|
#list authenticated_users 'allow tcp port 22'
|
|
#list authenticated_users 'allow tcp port 53'
|
|
#list authenticated_users 'allow udp port 53'
|
|
#list authenticated_users 'allow tcp port 80'
|
|
#list authenticated_users 'allow tcp port 443'
|
|
# Or for happy customers allow all
|
|
list authenticated_users 'allow all'
|
|
|
|
# For preauthenticated users to resolve IP addresses in their
|
|
# initial request not using the router itself as a DNS server,
|
|
# Leave commented to help prevent DNS tunnelling
|
|
#list preauthenticated_users 'allow tcp port 53'
|
|
#list preauthenticated_users 'allow udp port 53'
|
|
|
|
# Allow ports for SSH/Telnet/DNS/DHCP/HTTP/HTTPS
|
|
list users_to_router 'allow tcp port 22'
|
|
list users_to_router 'allow tcp port 23'
|
|
list users_to_router 'allow tcp port 53'
|
|
list users_to_router 'allow udp port 53'
|
|
list users_to_router 'allow udp port 67'
|
|
list users_to_router 'allow tcp port 80'
|
|
|
|
# MAC addresses that are / are not allowed to access the splash page
|
|
# Value is either 'allow' or 'block'. The allowedmac or blockedmac list is used.
|
|
#option macmechanism 'allow'
|
|
#list allowedmac '00:00:C0:01:D0:0D'
|
|
#list allowedmac '00:00:C0:01:D0:1D'
|
|
#list blockedmac '00:00:C0:01:D0:2D'
|
|
|
|
# MAC addresses that do not need to authenticate
|
|
#list trustedmac '00:00:C0:01:D0:1D'
|
|
|
|
# Set FW_MARK for compatibilty with other OpenWrt Packages eg mwan3, sqm etc.
|
|
list fw_mark_authenticated '30000'
|
|
list fw_mark_trusted '20000'
|
|
list fw_mark_blocked '10000'
|